Commit ad234004 authored by Adrien Béraud's avatar Adrien Béraud

crypto: store CRLs in a set

parent a88e6a4c
...@@ -314,7 +314,7 @@ struct OPENDHT_PUBLIC Certificate { ...@@ -314,7 +314,7 @@ struct OPENDHT_PUBLIC Certificate {
std::string print() const; std::string print() const;
void revoke(const PrivateKey&, const Certificate&); void revoke(const PrivateKey&, const Certificate&);
std::vector<std::shared_ptr<RevocationList>> getRevocationLists() const { return revocation_lists; } std::vector<std::shared_ptr<RevocationList>> getRevocationLists() const;
void addRevocationList(RevocationList&&); void addRevocationList(RevocationList&&);
void addRevocationList(std::shared_ptr<RevocationList>); void addRevocationList(std::shared_ptr<RevocationList>);
...@@ -325,7 +325,7 @@ struct OPENDHT_PUBLIC Certificate { ...@@ -325,7 +325,7 @@ struct OPENDHT_PUBLIC Certificate {
private: private:
Certificate(const Certificate&) = delete; Certificate(const Certificate&) = delete;
Certificate& operator=(const Certificate&) = delete; Certificate& operator=(const Certificate&) = delete;
std::vector<std::shared_ptr<RevocationList>> revocation_lists; std::set<std::shared_ptr<RevocationList>> revocation_lists;
}; };
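Review bot: The new member `std::set<std::shared_ptr<RevocationList>> revocation_lists;` orders and deduplicates by pointer address, not by CRL content, so the same CRL loaded into two objects is stored twice and the "Already in the list" check in `addRevocationList(std::shared_ptr<RevocationList>)` only catches the very same object. Iteration order, and therefore the order of the vector returned by `getRevocationLists()`, also follows addresses and can differ between runs. If content-level deduplication is intended, the set needs a comparator that compares the CRLs themselves; otherwise a comment on the member such as `// keyed on pointer identity: an equal CRL in another object is a distinct entry` would make the limit explicit. The struct starts outside the visible hunks.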
......
...@@ -739,8 +739,8 @@ void ...@@ -739,8 +739,8 @@ void
Certificate::revoke(const PrivateKey& key, const Certificate& to_revoke) Certificate::revoke(const PrivateKey& key, const Certificate& to_revoke)
{ {
if (revocation_lists.empty()) if (revocation_lists.empty())
revocation_lists.emplace_back(std::make_shared<RevocationList>()); revocation_lists.emplace(std::make_shared<RevocationList>());
auto& list = *revocation_lists.back(); auto& list = *(*revocation_lists.begin());
list.revoke(to_revoke); list.revoke(to_revoke);
list.sign(key, *this); list.sign(key, *this);
} }
...@@ -754,9 +754,11 @@ Certificate::addRevocationList(RevocationList&& list) ...@@ -754,9 +754,11 @@ Certificate::addRevocationList(RevocationList&& list)
void void
Certificate::addRevocationList(std::shared_ptr<RevocationList> list) Certificate::addRevocationList(std::shared_ptr<RevocationList> list)
{ {
if (revocation_lists.find(list) != revocation_lists.end())
return; // Already in the list
if (not list->isSignedBy(*this)) if (not list->isSignedBy(*this))
throw CryptoException("CRL is not signed by this certificate"); throw CryptoException("CRL is not signed by this certificate");
revocation_lists.emplace_back(std::move(list)); revocation_lists.emplace(std::move(list));
} }
std::chrono::system_clock::time_point std::chrono::system_clock::time_point
...@@ -869,6 +871,16 @@ Certificate::generate(const PrivateKey& key, const std::string& name, Identity c ...@@ -869,6 +871,16 @@ Certificate::generate(const PrivateKey& key, const std::string& name, Identity c
return ret; return ret;
} }
std::vector<std::shared_ptr<RevocationList>>
Certificate::getRevocationLists() const
{
std::vector<std::shared_ptr<RevocationList>> ret;
ret.reserve(revocation_lists.size());
for (const auto& crl : revocation_lists)
ret.emplace_back(crl);
return ret;
}
RevocationList::RevocationList() RevocationList::RevocationList()
{ {
gnutls_x509_crl_init(&crl); gnutls_x509_crl_init(&crl);
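Review bot: In `Certificate::revoke`, `*(*revocation_lists.begin())` picks the CRL whose `shared_ptr` has the lowest address, whereas the removed `back()` picked the most recently added one, so with several CRLs stored the list that receives the revocation and is re-signed is effectively arbitrary. A revocation written into a stale list may not be the one that is later distributed or checked (inferred; the consumers of these lists are not visible here). Select the list explicitly, for instance by tracking the locally issued CRL in its own member, and state the rule in a comment above that line. Separately, in `addRevocationList(std::shared_ptr<RevocationList>)` a null `list` passes the new `find` and still reaches `list->isSignedBy(*this)`; a guard before the lookup such as `if (not list) throw CryptoException("CRL is null");` avoids the dereference.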
......